bedrock
bedrock copied to clipboard
microsoft
As a developer I would like to know the best security practices for running a single cluster Kafka instance
Application Security
- [ ] Guidance on security best practices for kafka/stateful workloads. e.g. authorization, authentication.
Infrastructure Security
- [ ] Guidance on network security and network policies - how to setup ingress/egress policies to connect to plain or TLS kafka listeners.
- [ ] Guidance on RBAC to control access to the Kafka namespace which may contain Kubernetes secrets.
Additional "bring your own certificate" needs:
- [ ] Guidance on certificate and encryption key management
- [ ] Bring your own certificates - Describe how to register certificates into the Kafka cluster with the brokers.
- [ ] Let the Kafka Operator manage certificates and sync them to an external store e.g. KeyVault - Strimzi will handle the creation and registration of certificates for Kafka Users and store the certs as Kubernetes Secrets. An alternative tool can sync the certs to KeyVault so that we can allow clients (outside or inside Kubernetes) to connect to a Kafka Broker using Mutual Authentication.
Additional scenario we could show guidance for:
Provide an example of how to achieve RBAC that limits access to the Kafka namespace from processes within Kubernetes. Effectively viewing the Kubernetes API as an attack surface for Kafka.
cc @sayar
Adding details to @andrebriggs's previous comment. Ideally, RBAC should be enabled in the cluster and a ClusterRole specified that can access the Kafka Resources in the Kafka Namespace. Any application (such as Prometheus) that uses the Kubernetes API to discover/access resources in a specific namespace should have a ServiceAccount that is bound to the previously specified ClusterRole. This will ensure that only applications that should know about the Kafka Kubernetes resources have access to them.
